TorGuard

DDoS Attacks

DMX

Question

Hi folks

I have been having various problems with TG VPN, i.e. DNS leaks, and with help from support got it sorted (thanks, TG Support).

Now I have the basic problem of connecting to any of the servers, even using 8.8.8.8 etc.

I then noticed that three clients were working overtime, HDs spinning even with the bare min of services.

I then checked the gateway router logs and the PCs are being hammered with DDoS attacks, all from Dutch IPs. Now I have been only using Dutch servers on my VPN, so I did a test today connecting to the Viscosity Romanian server. When I rechecked my logs the DDoS was now coming from a Romanian IP.

Now the IPs don't necessarily match the VPN connection but the company/data server do match. Anyone else having a similar problem?


Support

Hi - we are not receiving any such DDoS attacks on our IPs, I doubt this is what you're seeing - please post us logs of what you are seeing, starring any sensitive info.

Regards


Yes, it does look like they're not TorGuard IPs. I just found it unusual that they started coming from countries that I had connected to via VPN. They've got to be spoofed addresses anyway. I was just checking to see if anyone else had an issue.

FireWall Log

Date/Time Facility Severity Message
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Fragment attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Fragment attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 10:00:49 kernel warning kernel: [fwlog] Fragment attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 10:00:49 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 10:00:49 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.

Other SRC IPs sending both UDP bombs and fragments as well as smurfs:

91.121.110.15
93.115.87.43
110.78.156.153
89.248.172.148

Support

It certainly isn't targeted at our IP - I would imagine this would be normal scanning by malware/bots possibly scanning IP ranges of our DC.

Regards
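A triage sketch for the router log format posted in this thread, added here as an example and not part of any participant's post: it tallies `[fwlog]` alerts per source IP by alert type and computes the rate over the logged window. The sample is an excerpt of the posted log; the function names and the placeholder year are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the firewall log posted in the thread (DST masked as in the post).
SAMPLE_LOG = """\
Date/Time Facility Severity Message
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:03 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Fragment attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 09:59:34 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 10:00:49 kernel warning kernel: [fwlog] Fragment attack, SRC=93.115.87.43 DST=***.**.**.***.
Apr 18 10:00:49 kernel warning kernel: [fwlog] Udp bomb attack, SRC=93.115.87.43 DST=***.**.**.***.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s.*\[fwlog\]\s+"
    r"(?P<kind>.+?)\s+attack,\s+SRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+DST=\S+$"
)

def parse(log_text):
    """Yield (time, alert kind, source IP) for each [fwlog] line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # The log carries no year; 2000 is a placeholder, only differences are used.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["kind"].lower(), m["src"]

def summarize(log_text):
    """Per source IP: alert counts by kind, distinct log seconds, span and alerts/minute."""
    by_src = {}
    for ts, kind, src in parse(log_text):
        by_src.setdefault(src, []).append((ts, kind))
    report = {}
    for src, evs in by_src.items():
        times = sorted(t for t, _ in evs)
        span = (times[-1] - times[0]).total_seconds()
        report[src] = {
            "kinds": dict(Counter(k for _, k in evs)),
            "distinct_seconds": len(set(times)),
            "span_s": span,
            # Rate is undefined when every alert falls in the same second.
            "per_min": round(len(evs) * 60 / span, 1) if span else None,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The per-source rate and the number of distinct seconds help separate a handful of logged probes from sustained traffic when reading a log like this one.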
